The computer security industry just suffered a hilarious disappointment
The experts who issued the warning were consultants who work with a software tool called Samba. Samba is widely used software that helps Windows work better with Linux and Unix systems. The Samba people were working with Microsoft to patch the Badlock Bug.
The experts, a German company named SerNet which discovered the Badlock bug, created a website and alerted everyone to be ready on April 12, the date when the patch would be finished and all the details about this scary and devastating new threat would be revealed.
"Please update your systems. We are pretty sure that there will be exploits soon," the Badlock website warns.
But, once the details of Badlock were revealed on Tuesday, it turned out to be a not-so-critical bug at all. It's true the bug can allow an attacker to gain control of a Windows network, accessing a widely used Microsoft system for managing passwords called Active Directory. However, to use the bug, the attacker already has to have hacked inside a network.
It's like a warning that thieves have a new way to steal your valuables with the first step being that they need to get the key to your house.
With the threat clearly in the hype category, the response from IT professionals and the general security industry has been hilarious. Critics have renamed the bug "Sadlock" and a new Twitter meme has been born.
1st Law of Vuln Hype: the time between branded announcement and disclosure is inversely proportional to actual impact of the bug. #badlock
- Jan Schaumann (@jschauma) April 12, 2016
1. Compromise an enterprise network from the inside
2. Modify arbitrary AD traffic
3. Escalate privilege
Can we go back to Step 1? #Badlock
- Kenn White (@kennwhite) April 12, 2016